Preparing for Signature and TimeStamp


Before applying and verifying digital signatures (hereafter, signatures) and timestamps, please review the overview of the features and the necessary preparations.

CONTENTS

Preparing for Signature

To apply and verify digital signatures, you need to prepare the following in advance.

Obtaining the Certificate Used for Application

You need a “certificate that can prove the identity of the signer to the signature verifier” to apply a digital signature.

Before using the signature function, please obtain one of the following digital certificates in advance:

  • Official certificate issued by the GPKI
  • Duty certificate issued by the LGPKI
  • Commercial registration digital certificate issued by the commercial registration certification authority
  • Digital certificate issued by SECOM Passport for G-ID (administrative scrivener, judicial scrivener, social insurance labor consultant, land and house investigator, etc.)
  • Digital certificate stored in the My Number card issued by the Public Personal Authentication Service (JPKI)
  • Other digital certificates issued by a trusted certification authority

The obtained digital certificate can be used as the following types.

Types of Certificates Available in This Product
File Certificate file (*.p12 / *.pfx)
Certificate Store/IC Card Certificate already imported into the machine being used.
  • If you are using an official certificate or duty certificate stored in an IC card other than the My Number card, you need to import the certificate into the certificate store of the machine you are using.
JPKI

Digital certificate (Japanese Public Key Infrastructure) stored in the My Number card.

When Using a Self-Signed Certificate

A self-signed certificate is a certificate that the signer themselves creates and issues.

In this product, you can create it from [New] in the certificate selection screen when applying a signature using the PKCS#7 profile without a timestamp.

The created self-signed certificate can be used for signatures without verification information and timestamps, regardless of the profile settings.

However, to verify a signature using a self-signed certificate, the same self-signed certificate must be installed in the “Trusted Root Certification Authorities” store of the machine performing the verification.

Also, since a self-signed certificate is not issued by a trusted third-party authority, you cannot obtain verification information over the Internet.

Therefore, it is not recommended to use it for signatures on documents that are expected to be verified by others or documents that need to be stored for a long time.

Installing the Root and Intermediate CA Certificates for Signature

You need the root CA certificate and intermediate CA certificate according to the certificate specified at the time of application to apply and verify the signature.
If it is a certificate approved by Microsoft’s Root Certificate Update Program, it will be installed automatically in the background.
However, it will not be installed automatically in the following cases:

  • When the “Turn off automatic root certificate update” setting of the OS is enabled.
  • When it is an environment where you cannot connect to Microsoft.
  • When downloading certificates is restricted.
  • When a Microsoft unapproved certificate such as a self-signed certificate is used.

If it is not installed automatically, please confirm and obtain the appropriate certificate, and install it manually according to the following procedure.

  1. Execute the obtained certificate file.
    If a security warning is displayed, press [Open] to proceed.
  2. Press [Install Certificate].
  3. Press [Next].
  4. Select [Place all certificates in the following store], and press [Browse].
  5. If it is a root CA certificate, select [Trusted Root Certification Authorities], If it is an intermediate CA certificate, select [Intermediate Certification Authorities], and press [OK].
  6. Press [Next].
  7. Press [Finish] to install (import) the certificate.

When Using an Official Certificate / Duty Certificate

The certificates required to verify signatures using an official certificate or duty certificate can be downloaded and installed from [GPKI Preference] in the [Signature/Seal] menu.

Checking the Environment Settings for Signature

Open the [Signature] tab and the [Signature Text] tab of the Preferences, and make the appropriate settings for applying and verifying signatures.

Preparing for Timestamp

To apply and verify timestamps, you need to prepare the following in advance.

Please note that the application and verification of timestamps can only be done in an online environment.

Obtaining the License for Timestamp Service

You need a license for the timestamp service to apply a timestamp. It is not necessary if you are only verifying.

In this product, you can use two types of timestamp services.

If you do not have a license, please apply and purchase the service you want to use.

AMANO TimeStamp AMANO Time Stamp Service 3161
Timestamp of AMANO Secure Japan Corporation 
  • It can be used in [Signature], [Archive], [Timestamp], etc. in the [Signature/Seal] menu.
  • It can also be used in SkyPDF Pro Driver, SkyPDF V4 Driver.
SEIKO TimeStamp SEIKO Time Stamp Service
Timestamp of SEIKO Solutions Corporation 
  • It can be used in [Signature], [Archive], [TimeStamp] in the [Signature/Seal] menu.

Installing the Root and Intermediate CA Certificates for Timestamp

You need the root CA certificate and intermediate CA certificate according to the timestamp to apply and verify the timestamp.
If it is a certificate approved by Microsoft’s Root Certificate Update Program, it will be installed automatically in the background.However, it will not be installed automatically in the following cases:

  • When the “Turn off automatic root certificate update” setting of the OS is enabled
  • When it is an environment where you cannot connect to Microsoft
  • When downloading certificates is restricted
  • When a Microsoft unapproved certificate such as a self-signed certificate is used

If it is not installed automatically, please confirm and obtain the appropriate certificate, and install it manually according to the following procedure.

  1. Access the download page of Secom Trust Systems Co., Ltd. from the URL shown below, and download all the following root CA certificates and intermediate CA certificates.
  2. Execute each downloaded certificate file.
    If a security warning is displayed, press [Open] to proceed.
  3. Press [Install Certificate].
  4. For the root CA certificate (SCRoot2ca.cer, SCRoot3ca.cer), select the store for [Trusted Root Certification Authorities], and then press [OK].
    For the intermediate CA certificate (ca3-der.cer or ca3.cer), select the store for [Intermediate Certification Authorities], and then press [OK].
  5. Press [Next].
  6. Press [Finish] to install (import) the certificate.
    All downloaded certificates have been imported and you are done.

Checking the Environment Settings for Timestamp

When applying a timestamp, open the [AMANO Timestamp] tab or the [SEIKO Timestamp] tab in the Preferences, and make the appropriate settings according to the timestamp service you are using.